CVE-2026-44558

Open WebUI contains a vulnerability in the channel access grants path prior to version 0.9.0. The channel router does not call filter_allowed_access_grants on create or update, allowing a non-admin user who can create or own a group channel to submit arbitrary access grants (including public wild...

CVE-2026-44558 Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...

CVE-2026-44558 Open WebUI: Channel Access Grants Bypass filter_allowed_access_grants

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the channel router does not call filterallowedaccessgrants on either create or update paths. A non-admin user who can create group channels or who owns a channel can submit arbitrary...

GHSA-7RJH-PX4V-5W55 Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants

Channel Access Grants Bypass filterallowedaccessgrants Affected Component Channel creation and update endpoints: - backend/openwebui/routers/channels.py lines 291-340, createnewchannel - backend/openwebui/routers/channels.py lines 617-638, updatechannelbyid - backend/openwebui/models/channels.py...

PT-2026-39275

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The channel router fails to call the filter allowed access grants function during the creation or update of channels. This function is intended to strip unauthorized wildcard grants such as...